Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aMamdndYtr-LSiqK7cchtPfo7eU.roa
File:                     aMamdndYtr-LSiqK7cchtPfo7eU.roa (raw, json)
Hash identifier:          Hs3iCB4UcAm7In94RqaEzXt+QqhFNiOgYMCF6LTA37A=
Subject key identifier:   68:C6:A6:76:77:58:B6:BF:8B:4A:2A:8A:ED:C7:21:B4:F7:E8:ED:E5
Certificate issuer:       /CN=692cf8572344c0a674a67d0f4b51f186e8a71c4b
Certificate serial:       0196F863D74B8DA571610633E924D5D9A0BE
Authority key identifier: 69:2C:F8:57:23:44:C0:A6:74:A6:7D:0F:4B:51:F1:86:E8:A7:1C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aSz4VyNEwKZ0pn0PS1HxhuinHEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aMamdndYtr-LSiqK7cchtPfo7eU.roa
Signing time:             Thu 22 May 2025 14:26:54 +0000
ROA not before:           Thu 22 May 2025 14:26:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29311
IP address blocks:        159.46.192.0/18 maxlen: 24
                          159.46.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aSz4VyNEwKZ0pn0PS1HxhuinHEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aSz4VyNEwKZ0pn0PS1HxhuinHEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aSz4VyNEwKZ0pn0PS1HxhuinHEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f8:63:d7:4b:8d:a5:71:61:06:33:e9:24:d5:d9:a0:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=692cf8572344c0a674a67d0f4b51f186e8a71c4b
        Validity
            Not Before: May 22 14:26:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68c6a6767758b6bf8b4a2a8aedc721b4f7e8ede5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:be:2e:72:e2:75:4c:1b:80:0d:da:b5:b1:c5:
                    d9:e4:0d:cc:25:2b:d6:63:8d:99:6e:09:44:47:26:
                    53:64:93:02:76:21:63:3e:d5:36:01:47:ee:11:90:
                    66:4b:50:c5:06:ac:e9:3a:da:06:bb:2e:c2:80:32:
                    d5:8f:22:c1:88:0c:cb:67:34:4e:9a:80:61:37:81:
                    8a:98:69:0b:93:87:fb:6d:9c:a1:d4:42:62:fc:e0:
                    05:04:0d:61:0a:5f:dc:64:ad:db:47:1a:9b:8d:24:
                    ba:c2:22:f2:9c:23:df:88:ff:5c:87:b2:16:c8:fa:
                    2b:e9:f6:38:c3:db:18:38:54:27:db:bb:b6:7e:b4:
                    94:e8:5b:1d:36:67:8e:5c:dc:fa:5c:bb:94:81:73:
                    a8:91:b4:c7:7e:0b:d6:4b:f8:32:1b:42:29:2a:da:
                    8b:4b:e7:13:15:24:40:d0:a9:a8:7e:c0:20:1c:88:
                    85:23:77:77:dc:c3:58:9c:d4:f5:7d:95:c3:7c:07:
                    b5:24:82:c9:10:af:1d:35:30:be:80:af:5d:8e:56:
                    7b:42:80:21:d4:c1:26:0e:45:c4:e0:97:05:f1:1f:
                    f7:2e:f2:57:b7:b2:01:f7:7d:77:31:4d:5f:e8:bf:
                    ab:a2:af:a0:4b:7a:d2:27:93:e1:03:2e:99:84:ee:
                    e1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C6:A6:76:77:58:B6:BF:8B:4A:2A:8A:ED:C7:21:B4:F7:E8:ED:E5
            X509v3 Authority Key Identifier:
                keyid:69:2C:F8:57:23:44:C0:A6:74:A6:7D:0F:4B:51:F1:86:E8:A7:1C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aSz4VyNEwKZ0pn0PS1HxhuinHEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aMamdndYtr-LSiqK7cchtPfo7eU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aSz4VyNEwKZ0pn0PS1HxhuinHEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.46.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         bc:a0:56:f9:1e:00:23:20:27:e8:96:f5:50:07:bd:05:b2:12:
         3c:60:8d:05:0c:ed:48:26:06:b4:22:f0:ac:d1:8d:08:69:42:
         e0:c6:d2:ee:99:8e:b6:0c:9f:87:f8:9e:74:93:58:06:21:1a:
         21:3b:eb:a2:1e:80:4d:e1:ba:00:3d:f7:2f:67:38:15:10:47:
         38:a8:f0:a0:7d:a6:c8:53:c2:e4:21:53:18:3e:b3:ac:f2:46:
         e9:f8:e3:d4:75:e6:79:1d:00:cd:29:dd:ea:52:75:41:63:b1:
         d1:19:c2:3f:ce:f4:ad:ae:54:6d:2e:07:40:c4:04:06:32:ab:
         5f:8b:35:7d:ff:b8:57:fc:05:9b:7f:d9:25:c0:5a:9a:75:5c:
         f9:a2:f4:37:d9:9a:d0:18:5a:6b:d9:9f:62:fa:11:0c:5a:e6:
         25:35:1c:31:7d:4d:9f:2e:25:1d:44:0f:f0:8b:f2:fc:68:80:
         8e:77:be:71:32:62:1e:17:fa:4e:ae:eb:0b:89:fb:30:be:34:
         31:06:26:5f:47:c0:d5:91:91:eb:3d:c9:74:b9:83:f8:50:32:
         77:4c:e9:3b:11:bb:59:0d:a0:96:58:5e:64:fa:8c:92:88:98:
         d5:38:21:31:11:20:6a:dc:be:20:ba:67:0b:a3:dc:ae:e6:f0:
         00:73:7b:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb4Y9dLjaVxYQYz6STV2aC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MmNmODU3MjM0NGMwYTY3NGE2N2QwZjRiNTFmMTg2ZThh
NzFjNGIwHhcNMjUwNTIyMTQyNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGM2YTY3Njc3NThiNmJmOGI0YTJhOGFlZGM3MjFiNGY3ZThlZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwr4ucuJ1TBuADdq1scXZ5A3MJSvW
Y42ZbglERyZTZJMCdiFjPtU2AUfuEZBmS1DFBqzpOtoGuy7CgDLVjyLBiAzLZzRO
moBhN4GKmGkLk4f7bZyh1EJi/OAFBA1hCl/cZK3bRxqbjSS6wiLynCPfiP9ch7IW
yPor6fY4w9sYOFQn27u2frSU6FsdNmeOXNz6XLuUgXOokbTHfgvWS/gyG0IpKtqL
S+cTFSRA0KmofsAgHIiFI3d33MNYnNT1fZXDfAe1JILJEK8dNTC+gK9djlZ7QoAh
1MEmDkXE4JcF8R/3LvJXt7IB9313MU1f6L+roq+gS3rSJ5PhAy6ZhO7hOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjGpnZ3WLa/i0oqiu3HIbT36O3lMB8GA1UdIwQY
MBaAFGks+FcjRMCmdKZ9D0tR8YbopxxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVN6NFZ5TkV3S1owcG4wUFMxSHhodWluSEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wNTRiNTAtYTdiMS00NmYzLTlkMTgt
YWYzOWJiMDMwOTdmLzEvYU1hbWRuZFl0ci1MU2lxSzdjY2h0UGZvN2VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wNTRiNTAtYTdiMS00NmYzLTlkMTgtYWYzOWJiMDMwOTdm
LzEvYVN6NFZ5TkV3S1owcG4wUFMxSHhodWluSEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGny7AMA0G
CSqGSIb3DQEBCwUAA4IBAQC8oFb5HgAjICfolvVQB70FshI8YI0FDO1IJga0IvCs
0Y0IaULgxtLumY62DJ+H+J50k1gGIRohO+uiHoBN4boAPfcvZzgVEEc4qPCgfabI
U8LkIVMYPrOs8kbp+OPUdeZ5HQDNKd3qUnVBY7HRGcI/zvStrlRtLgdAxAQGMqtf
izV9/7hX/AWbf9klwFqadVz5ovQ32ZrQGFpr2Z9i+hEMWuYlNRwxfU2fLiUdRA/w
i/L8aICOd75xMmIeF/pOrusLifswvjQxBiZfR8DVkZHrPcl0uYP4UDJ3TOk7EbtZ
DaCWWF5k+oySiJjVOCExESBq3L4gumcLo9yu5vAAc3ud
-----END CERTIFICATE-----